muaddib-scanner 2.10.21 → 2.10.22

package/src/response/playbooks.js

@@ -698,6 +698,48 @@ const PLAYBOOKS = {
     'dans ~/.config/sysmon/ et exfiltre vers checkmarx.zone. ' +
     'Verifier: find $(python -c "import site; print(site.getsitepackages()[0])") -name "*.pth" -exec cat {} \\; ' +
     'Supprimer tout fichier .pth non standard. Rotation des credentials.',
+
+  // Audit v3 Bypass Playbooks (AST-062 to AST-069)
+  reflect_apply_require:
+    'CRITIQUE: Reflect.apply(require, null, [module]) detecte — contournement de require() via Reflect API. ' +
+    'Aucun package legitime ne charge des modules via Reflect.apply. ' +
+    'Supprimer le package. Auditer les modules charges dynamiquement.',
+
+  finalization_registry_exec:
+    'CRITIQUE: FinalizationRegistry avec callback dangereux (child_process/exec/spawn). ' +
+    'Le callback s\'execute apres le garbage collection, hors du flux synchrone — evasion sandbox. ' +
+    'Aucun usage legitime ne combine FinalizationRegistry avec des appels systeme. Supprimer le package.',
+
+  function_prototype_constructor:
+    'CRITIQUE: Acces au constructeur Function via chaine de prototypes — (function(){}).constructor(code) ' +
+    'ou [].constructor.constructor(code). Equivalent a eval() mais invisible aux detections statiques de eval/Function. ' +
+    'Supprimer le package. Aucun usage legitime.',
+
+  prototype_pollution:
+    'HAUTE: Pollution de prototype detectee (__proto__, __defineGetter__, __defineSetter__). ' +
+    'Peut detourner les proprietes heritees de tous les objets du runtime. ' +
+    'Verifier si le code modifie Object.prototype ou des prototypes de classes natives. ' +
+    'Si combine avec du code d\'execution dynamique, traiter comme CRITIQUE.',
+
+  module_wrap_override:
+    'CRITIQUE: Module.wrap remplace — la fonction wrapper du module loader est detournee. ' +
+    'Tout module charge apres cette modification execute du code injecte. ' +
+    'Aucun package legitime ne remplace Module.wrap. Supprimer immediatement.',
+
+  symbol_property_hiding:
+    'HAUTE: Module dangereux cache derriere une propriete Symbol. ' +
+    'Invisible a Object.keys(), JSON.stringify() et for...in. Technique anti-forensics. ' +
+    'Auditer toutes les proprietes Symbol du module. Supprimer si combine avec child_process/fs.',
+
+  with_body_dangerous:
+    'HAUTE: with() statement avec require/exec/spawn dans le body. ' +
+    'Le with() rend les identifiants ambigus, empechant l\'analyse statique. ' +
+    'Aucun code moderne legitime n\'utilise with(). Supprimer le package.',
+
+  require_process_mainmodule:
+    'CRITIQUE: require("process").mainModule.require() detecte — contournement de la detection ' +
+    'process.mainModule.require() via require("process") au lieu de l\'objet global. ' +
+    'Aucun package legitime n\'utilise ce pattern. Supprimer immediatement.',
 };
 
 function getPlaybook(threatType) {

package/src/rules/index.js

@@ -1523,7 +1523,7 @@ const RULES = {
     id: 'MUADDIB-SHELL-019',
     name: 'Python Time Delay Execution',
     severity: 'HIGH',
-    confidence: 0.80,
+    confidence: 'medium',
     description: 'Execution Python avec delai time.sleep() >= 100s via child process. Technique d\'evasion sandbox (T1497.003) : le malware attend que la sandbox expire avant d\'executer le payload.',
     references: ['https://attack.mitre.org/techniques/T1497/003/'],
     mitre: 'T1497.003'
@@ -1850,6 +1850,104 @@ const RULES = {
     ],
     mitre: 'T1071'
   },
+
+  // Audit v3 Bypass Detections (AST-062 to AST-069)
+  reflect_apply_require: {
+    id: 'MUADDIB-AST-062',
+    name: 'Reflect.apply(require) Bypass',
+    severity: 'CRITICAL',
+    confidence: 'high',
+    description: 'Reflect.apply(require, null, [module]) detecte — contourne la detection statique de require() en passant par l\'API Reflect. Permet de charger child_process/fs/net sans appel require() direct.',
+    references: [
+      'https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Reflect/apply',
+      'https://attack.mitre.org/techniques/T1059/'
+    ],
+    mitre: 'T1059'
+  },
+  finalization_registry_exec: {
+    id: 'MUADDIB-AST-063',
+    name: 'FinalizationRegistry Deferred Execution',
+    severity: 'CRITICAL',
+    confidence: 'high',
+    description: 'new FinalizationRegistry() avec callback contenant child_process/exec/spawn. Le callback s\'execute apres le garbage collection, hors du flux d\'execution normal — technique d\'evasion sandbox qui differe l\'execution malveillante.',
+    references: [
+      'https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/FinalizationRegistry',
+      'https://attack.mitre.org/techniques/T1497/003/'
+    ],
+    mitre: 'T1497.003'
+  },
+  function_prototype_constructor: {
+    id: 'MUADDIB-AST-064',
+    name: 'Function via Prototype Chain',
+    severity: 'CRITICAL',
+    confidence: 'high',
+    description: '(function(){}).constructor(code) ou [].constructor.constructor(code) detecte — acces au constructeur Function via la chaine de prototypes, contourne les detections de new Function() et eval().',
+    references: [
+      'https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function',
+      'https://attack.mitre.org/techniques/T1059/'
+    ],
+    mitre: 'T1059'
+  },
+  prototype_pollution: {
+    id: 'MUADDIB-AST-065',
+    name: 'Prototype Pollution',
+    severity: 'HIGH',
+    confidence: 'high',
+    description: '__defineGetter__, __defineSetter__ ou assignation __proto__ detectee — pollution de prototype permettant de detourner les proprietes heritees de tous les objets. Vecteur d\'escalade pour injecter du code dans des chemins d\'execution inattendus.',
+    references: [
+      'https://portswigger.net/web-security/prototype-pollution',
+      'https://attack.mitre.org/techniques/T1574/'
+    ],
+    mitre: 'T1574'
+  },
+  module_wrap_override: {
+    id: 'MUADDIB-AST-066',
+    name: 'Module.wrap Override',
+    severity: 'CRITICAL',
+    confidence: 'high',
+    description: 'Module.wrap = ... detecte — remplacement de la fonction wrapper du module loader Node.js. Permet d\'injecter du code dans CHAQUE module charge apres le remplacement, technique de persistence systemique.',
+    references: [
+      'https://nodejs.org/api/modules.html',
+      'https://attack.mitre.org/techniques/T1574/006/'
+    ],
+    mitre: 'T1574.006'
+  },
+  symbol_property_hiding: {
+    id: 'MUADDIB-AST-067',
+    name: 'Symbol Property Hiding',
+    severity: 'HIGH',
+    confidence: 'high',
+    description: 'obj[Symbol(...)] = require(module_dangereux) detecte — dissimulation de modules dangereux derriere des proprietes Symbol, invisibles a Object.keys() et JSON.stringify(). Technique anti-forensics.',
+    references: [
+      'https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Symbol',
+      'https://attack.mitre.org/techniques/T1564/'
+    ],
+    mitre: 'T1564'
+  },
+  with_body_dangerous: {
+    id: 'MUADDIB-AST-068',
+    name: 'WithStatement Dangerous Body',
+    severity: 'HIGH',
+    confidence: 'high',
+    description: 'with() statement dont le body contient require/exec/spawn/child_process — injection de scope pour obscurcir les appels dangereux. Le with() rend tous les identifiants ambigus, empechant l\'analyse statique de tracer les appels.',
+    references: [
+      'https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/with',
+      'https://attack.mitre.org/techniques/T1027/'
+    ],
+    mitre: 'T1027'
+  },
+  require_process_mainmodule: {
+    id: 'MUADDIB-AST-069',
+    name: 'require("process").mainModule Bypass',
+    severity: 'CRITICAL',
+    confidence: 'high',
+    description: 'require("process").mainModule.require() detecte — acces indirect au mainModule via require("process") au lieu de l\'objet global process. Contourne la detection de process.mainModule.require() qui ne surveille que l\'identifiant "process".',
+    references: [
+      'https://nodejs.org/api/process.html',
+      'https://attack.mitre.org/techniques/T1059/'
+    ],
+    mitre: 'T1059'
+  },
 };
 
 function getRule(type) {
@@ -1912,4 +2010,23 @@ for (const [, rule] of Object.entries(PARANOID_RULES)) {
   PARANOID_RULES_BY_ID[rule.id] = rule;
 }
 
+// Validate all rules at load time
+const VALID_SEVERITIES = new Set(['CRITICAL', 'HIGH', 'MEDIUM', 'LOW']);
+const VALID_CONFIDENCES = new Set(['high', 'medium', 'low']);
+
+for (const [key, rule] of Object.entries(RULES)) {
+  if (!VALID_SEVERITIES.has(rule.severity)) {
+    throw new Error(`Rule "${key}" has invalid severity: ${JSON.stringify(rule.severity)} (expected CRITICAL|HIGH|MEDIUM|LOW)`);
+  }
+  if (!VALID_CONFIDENCES.has(rule.confidence)) {
+    throw new Error(`Rule "${key}" has invalid confidence: ${JSON.stringify(rule.confidence)} (expected high|medium|low)`);
+  }
+}
+// PARANOID_RULES use a different schema (patterns/message, no confidence field)
+for (const [key, rule] of Object.entries(PARANOID_RULES)) {
+  if (!VALID_SEVERITIES.has(rule.severity)) {
+    throw new Error(`Paranoid rule "${key}" has invalid severity: ${JSON.stringify(rule.severity)} (expected CRITICAL|HIGH|MEDIUM|LOW)`);
+  }
+}
+
 module.exports = { RULES, getRule, PARANOID_RULES };

package/src/scanner/ast-detectors.js

@@ -921,6 +921,28 @@ function handleCallExpression(node, ctx) {
     }
   }
 
+  // B8: require('process').mainModule.require('child_process') — indirect process access
+  // Pattern: require('process').mainModule.require(mod)
+  if (node.callee.type === 'MemberExpression' &&
+      node.callee.property?.type === 'Identifier' && node.callee.property.name === 'require' &&
+      node.callee.object?.type === 'MemberExpression' &&
+      node.callee.object.property?.type === 'Identifier' && node.callee.object.property.name === 'mainModule' &&
+      node.callee.object.object?.type === 'CallExpression' &&
+      getCallName(node.callee.object.object) === 'require' &&
+      node.callee.object.object.arguments?.[0]?.type === 'Literal' &&
+      node.callee.object.object.arguments[0].value === 'process') {
+    const arg = node.arguments?.[0];
+    const modName = arg ? extractStringValueDeep(arg) : null;
+    const DANGEROUS_MODS = ['child_process', 'fs', 'net', 'dns', 'http', 'https', 'tls'];
+    const severity = modName && DANGEROUS_MODS.includes(modName) ? 'CRITICAL' : 'HIGH';
+    ctx.threats.push({
+      type: 'require_process_mainmodule',
+      severity,
+      message: `require('process').mainModule.require(${modName ? "'" + modName + "'" : '...'}) — indirect process access bypasses direct process.mainModule detection.`,
+      file: ctx.relFile
+    });
+  }
+
   // Detect exec/execSync with dangerous shell commands (direct or via MemberExpression)
   const execName = callName === 'exec' || callName === 'execSync' ? callName : null;
   const memberExec = !execName && node.callee.type === 'MemberExpression' &&
@@ -2042,6 +2064,22 @@ function handleCallExpression(node, ctx) {
           });
         }
       }
+
+      // B3: (function(){}).constructor('code')() — direct prototype chain Function access
+      // Also: [].constructor.constructor, ''.constructor.constructor, (0).constructor.constructor
+      if (obj?.type === 'FunctionExpression' || obj?.type === 'ArrowFunctionExpression' ||
+          obj?.type === 'ArrayExpression' || obj?.type === 'Literal') {
+        if (!hasOnlyStringLiteralArgs(node)) {
+          ctx.hasEvalInFile = true;
+          ctx.hasDynamicExec = true;
+          ctx.threats.push({
+            type: 'function_prototype_constructor',
+            severity: 'CRITICAL',
+            message: `Function constructor via prototype chain: (${obj.type === 'FunctionExpression' ? 'function(){}' : obj.type === 'ArrayExpression' ? '[]' : 'literal'}).constructor(code) — bypasses Function/eval detection.`,
+            file: ctx.relFile
+          });
+        }
+      }
     }
 
     // SANDWORM_MODE: Track writeFileSync/writeFile to temp paths
@@ -2164,9 +2202,37 @@ function handleCallExpression(node, ctx) {
           file: ctx.relFile
         });
       }
+      // B1: Reflect.apply(require, null, ['child_process']) — bypasses require() call detection
+      if (target.type === 'Identifier' && target.name === 'require') {
+        const argsArray = node.arguments[2];
+        let modName = null;
+        if (argsArray?.type === 'ArrayExpression' && argsArray.elements.length > 0) {
+          modName = extractStringValueDeep(argsArray.elements[0]);
+        }
+        const severity = modName && ['child_process', 'fs', 'net', 'dns', 'http', 'https'].includes(modName)
+          ? 'CRITICAL' : 'HIGH';
+        ctx.threats.push({
+          type: 'reflect_apply_require',
+          severity,
+          message: `Reflect.apply(require, null, [${modName ? "'" + modName + "'" : '...'}]) — indirect require() bypasses static call detection.`,
+          file: ctx.relFile
+        });
+      }
     }
   }
 
+  // B4: __defineGetter__ / __defineSetter__ — prototype pollution via legacy API
+  if (node.callee.type === 'MemberExpression' &&
+      node.callee.property?.type === 'Identifier' &&
+      (node.callee.property.name === '__defineGetter__' || node.callee.property.name === '__defineSetter__')) {
+    ctx.threats.push({
+      type: 'prototype_pollution',
+      severity: 'HIGH',
+      message: `${node.callee.property.name}() called — legacy prototype pollution API can hijack property access on any object.`,
+      file: ctx.relFile
+    });
+  }
+
   // Batch 1: process.binding('spawn_sync'/'fs') / process._linkedBinding(...)
   if (node.callee.type === 'MemberExpression' &&
       node.callee.object?.type === 'Identifier' && node.callee.object.name === 'process' &&
@@ -2334,6 +2400,37 @@ function handleNewExpression(node, ctx) {
       }
     }
   }
+
+  // B2: new FinalizationRegistry(callback) — deferred execution after GC
+  // Malicious pattern: callback contains require('child_process') or exec/spawn
+  if (node.callee.type === 'Identifier' && node.callee.name === 'FinalizationRegistry' &&
+      node.arguments.length >= 1) {
+    const callback = node.arguments[0];
+    if (callback) {
+      // Check if callback body contains dangerous patterns
+      let hasDangerousBody = false;
+      const cbSource = callback.start !== undefined && callback.end !== undefined
+        ? ctx._sourceCode?.slice(callback.start, callback.end) : null;
+      if (cbSource && /\b(child_process|exec|execSync|spawn|spawnSync)\b/.test(cbSource)) {
+        hasDangerousBody = true;
+      }
+      // Also flag if the callback is a variable known to be dangerous
+      if (callback.type === 'Identifier' && ctx.evalAliases?.has(callback.name)) {
+        hasDangerousBody = true;
+      }
+      if (hasDangerousBody) {
+        ctx.hasDynamicExec = true;
+        ctx.threats.push({
+          type: 'finalization_registry_exec',
+          severity: 'CRITICAL',
+          message: 'new FinalizationRegistry() with dangerous callback — deferred code execution triggered by garbage collection, evades synchronous analysis.',
+          file: ctx.relFile
+        });
+      } else {
+        ctx.hasFinalizationRegistry = true;
+      }
+    }
+  }
 }
 
 function handleLiteral(node, ctx) {
@@ -2463,6 +2560,55 @@ function handleAssignmentExpression(node, ctx) {
     }
   }
 
+  // B6: Symbol property hiding — obj[Symbol(...)] = require('child_process')
+  if (node.left?.type === 'MemberExpression' && node.left.computed &&
+      node.left.property?.type === 'CallExpression' &&
+      node.left.property.callee?.type === 'Identifier' && node.left.property.callee.name === 'Symbol') {
+    // Check if the right side is require('child_process') or similar dangerous module
+    let isDangerous = false;
+    let modName = null;
+    if (node.right?.type === 'CallExpression' && getCallName(node.right) === 'require' &&
+        node.right.arguments?.[0]?.type === 'Literal') {
+      const rawMod = node.right.arguments[0].value;
+      modName = typeof rawMod === 'string' && rawMod.startsWith('node:') ? rawMod.slice(5) : rawMod;
+      if (['child_process', 'fs', 'net', 'dns', 'http', 'https'].includes(modName)) {
+        isDangerous = true;
+      }
+    }
+    // Also detect: obj[Symbol('x')] = eval / Function / exec
+    if (node.right?.type === 'Identifier' && ['eval', 'Function'].includes(node.right.name)) {
+      isDangerous = true;
+    }
+    if (isDangerous) {
+      ctx.threats.push({
+        type: 'symbol_property_hiding',
+        severity: 'HIGH',
+        message: `Dangerous module/function hidden behind Symbol property — obj[Symbol(...)] = ${modName ? "require('" + modName + "')" : node.right?.name || '...'}, evades string-based property enumeration.`,
+        file: ctx.relFile
+      });
+    }
+  }
+
+  // B5: Module.wrap = ... or require('module').wrap = ... — module wrapper override
+  if (node.left?.type === 'MemberExpression' &&
+      node.left.property?.type === 'Identifier' && node.left.property.name === 'wrap') {
+    const obj = node.left.object;
+    // Direct: Module.wrap = ... (where Module was imported via require('module'))
+    const isModuleObj = (obj?.type === 'Identifier' && ctx.moduleAliases?.has(obj.name)) ||
+      (obj?.type === 'Identifier' && obj.name === 'Module');
+    // Inline: require('module').wrap = ...
+    const isInlineRequire = obj?.type === 'CallExpression' && getCallName(obj) === 'require' &&
+      obj.arguments?.[0]?.type === 'Literal' && obj.arguments[0].value === 'module';
+    if (isModuleObj || isInlineRequire) {
+      ctx.threats.push({
+        type: 'module_wrap_override',
+        severity: 'CRITICAL',
+        message: 'Module.wrap overridden — module wrapper function hijacked, allows injecting code into every loaded module.',
+        file: ctx.relFile
+      });
+    }
+  }
+
   // Detect object property indirection: obj.exec = require('child_process').exec
   // or obj.fn = eval — stashing dangerous functions in object properties
   if (node.left?.type === 'MemberExpression' && node.right) {
@@ -2517,6 +2663,17 @@ function handleAssignmentExpression(node, ctx) {
     }
   }
 
+  // B4: Prototype pollution — __proto__ assignment
+  if (node.left?.type === 'MemberExpression' && !node.left.computed &&
+      node.left.property?.type === 'Identifier' && node.left.property.name === '__proto__') {
+    ctx.threats.push({
+      type: 'prototype_pollution',
+      severity: 'HIGH',
+      message: `__proto__ assignment on ${node.left.object?.name || 'object'} — prototype pollution can hijack inherited properties across all objects.`,
+      file: ctx.relFile
+    });
+  }
+
   if (node.left?.type === 'MemberExpression') {
     const left = node.left;
 
@@ -3021,6 +3178,16 @@ function handlePostWalk(ctx) {
       file: ctx.relFile
     });
   }
+
+  // B2 compound: FinalizationRegistry + exec/network in same file = deferred malicious execution
+  if (ctx.hasFinalizationRegistry && ctx.hasDynamicExec) {
+    ctx.threats.push({
+      type: 'finalization_registry_exec',
+      severity: 'CRITICAL',
+      message: 'FinalizationRegistry + dynamic execution in same file — deferred code execution triggered by garbage collection.',
+      file: ctx.relFile
+    });
+  }
 }
 
 function handleWithStatement(node, ctx) {
@@ -3049,6 +3216,22 @@ function handleWithStatement(node, ctx) {
         file: ctx.relFile
       });
     }
+    return; // Already handled as direct with(require(...))
+  }
+
+  // B7: with(obj) { ... require('child_process') ... } — body contains dangerous require/exec
+  // The with statement itself is rare in modern code; combined with dangerous APIs in body = evasion
+  if (node.body) {
+    const bodySource = node.body.start !== undefined && node.body.end !== undefined
+      ? ctx._sourceCode?.slice(node.body.start, node.body.end) : null;
+    if (bodySource && /\b(require\s*\(\s*['"]child_process['"]\s*\)|child_process|exec\s*\(|execSync\s*\(|spawn\s*\()/.test(bodySource)) {
+      ctx.threats.push({
+        type: 'with_body_dangerous',
+        severity: 'HIGH',
+        message: 'with() statement body contains require/exec/spawn — scope injection used to obscure dangerous API calls.',
+        file: ctx.relFile
+      });
+    }
   }
 }
 

package/src/scanner/ast.js

@@ -180,7 +180,11 @@ function analyzeFile(content, filePath, basePath) {
     hasSolanaImport: false,
     hasSolanaC2Method: false,
     // Audit v3: uncaughtException/unhandledRejection handler for error hijacking detection
-    hasUncaughtExceptionHandler: false
+    hasUncaughtExceptionHandler: false,
+    // Audit v3 B2: FinalizationRegistry deferred exec detection
+    hasFinalizationRegistry: false,
+    // Audit v3: source code reference for callback body analysis
+    _sourceCode: content
   };
 
   // Compute fetchOnlySafeDomains: check if ALL URLs in file point to known registries

package/src/scanner/shell.js

@@ -6,15 +6,15 @@ const { MAX_FILE_SIZE, getMaxFileSize } = require('../shared/constants.js');
 const SHELL_EXCLUDED_DIRS = ['node_modules', '.git', '.muaddib-cache'];
 
 const MALICIOUS_PATTERNS = [
-  { pattern: /curl.*\|.*sh/m, name: 'curl_pipe_shell', severity: 'HIGH' },
-  { pattern: /wget.*&&.*chmod.*\+x/m, name: 'wget_chmod_exec', severity: 'HIGH' },
+  { pattern: /curl[^\n]{0,5000}\|[^\n]{0,5000}sh/m, name: 'curl_pipe_shell', severity: 'HIGH' },
+  { pattern: /wget[^\n]{0,5000}&&[^\n]{0,5000}chmod[^\n]{0,5000}\+x/m, name: 'wget_chmod_exec', severity: 'HIGH' },
   { pattern: /bash\s+-i\s+>&\s+\/dev\/tcp/m, name: 'reverse_shell', severity: 'CRITICAL' },
   { pattern: /nc\s+-e\s+\/bin\/(ba)?sh/m, name: 'netcat_shell', severity: 'CRITICAL' },
   { pattern: /rm\s+-rf\s+(~\/|\$HOME|\/home)/m, name: 'home_deletion', severity: 'CRITICAL' },
   { pattern: /shred.*\$HOME/m, name: 'shred_home', severity: 'CRITICAL' },
-  { pattern: /curl.*-X\s*POST.*-d/m, name: 'curl_exfiltration', severity: 'HIGH' },
-  { pattern: /(?:cat|readFile|cp|mv|curl\s+file:\/\/|tar\s+.*|scp\s+).*\.npmrc/m, name: 'npmrc_access', severity: 'HIGH' },
-  { pattern: /(?:cat|readFile|cp|mv|curl\s+file:\/\/|tar\s+.*|scp\s+).*\.ssh/m, name: 'ssh_access', severity: 'HIGH' },
+  { pattern: /curl[^\n]{0,5000}-X\s*POST[^\n]{0,5000}-d/m, name: 'curl_exfiltration', severity: 'HIGH' },
+  { pattern: /(?:cat|readFile|cp|mv|curl\s+file:\/\/|tar\s+[^\n]{0,5000}|scp\s+)[^\n]{0,5000}\.npmrc/m, name: 'npmrc_access', severity: 'HIGH' },
+  { pattern: /(?:cat|readFile|cp|mv|curl\s+file:\/\/|tar\s+[^\n]{0,5000}|scp\s+)[^\n]{0,5000}\.ssh/m, name: 'ssh_access', severity: 'HIGH' },
   { pattern: /python\s+-c.*import\s+socket/m, name: 'python_reverse_shell', severity: 'CRITICAL' },
   { pattern: /perl\s+-e.*socket/m, name: 'perl_reverse_shell', severity: 'CRITICAL' },
   { pattern: /mkfifo.*\/dev\/tcp/m, name: 'fifo_reverse_shell', severity: 'CRITICAL' },

package/src/scoring.js

@@ -102,8 +102,8 @@ const PACKAGE_LEVEL_TYPES = new Set([
   'shai_hulud_marker', 'suspicious_file',
   'pypi_malicious_package', 'pypi_typosquat_detected',
   'dangerous_api_added_critical', 'dangerous_api_added_high', 'dangerous_api_added_medium',
-  'publish_burst', 'publish_dormant_spike', 'publish_rapid_succession',
-  'maintainer_new_suspicious', 'maintainer_sole_change',
+  'publish_burst', 'dormant_spike', 'rapid_succession',
+  'suspicious_maintainer', 'sole_maintainer_change',
   'sandbox_network_activity', 'sandbox_file_changes', 'sandbox_process_spawns',
   'sandbox_canary_exfiltration',
   // Compound scoring rules — package-level co-occurrences

package/src/shared/constants.js

@@ -99,13 +99,13 @@ function resetMaxFileSize() { _maxFileSize = MAX_FILE_SIZE; }
 const ACORN_OPTIONS = { ecmaVersion: 2024, sourceType: 'module', allowHashBang: true };
 
 const acorn = require('acorn');
+const crypto = require('crypto');
 
 /**
  * AST parse cache — same content+options returns the same AST.
  * Scanners do not mutate AST nodes (verified: only read comparisons).
  * Cleared between scans via clearASTCache().
- * Key = code.length + '|' + optionsKey + '|' + code.slice(0,128) + code.slice(-64)
- * (length-prefixed partial key for fast Map lookup; collisions resolved by full WeakRef check)
+ * Key = sha256(code) + '|' + optionsKey (collision-free content-addressable key)
  */
 const _astCache = new Map();
 const _AST_CACHE_MAX = 600; // Max entries (one scan ≈ 500 files max)
@@ -117,9 +117,9 @@ const _AST_CACHE_MAX = 600; // Max entries (one scan ≈ 500 files max)
  * Returns AST or null if both modes fail.
  */
 function safeParse(code, extraOptions = {}) {
-  // Build cache key: options signature + content fingerprint
+  // Build cache key: sha256 content hash + options signature
   const optKey = Object.keys(extraOptions).length === 0 ? '' : JSON.stringify(extraOptions);
-  const cacheKey = code.length + '|' + optKey + '|' + code.slice(0, 128) + code.slice(-64);
+  const cacheKey = crypto.createHash('sha256').update(code).digest('hex') + '|' + optKey;
 
   const cached = _astCache.get(cacheKey);
   if (cached !== undefined) return cached;

package/src/utils.js

@@ -23,6 +23,7 @@ let _scanRoot = '';
  */
 const _fileListCache = new Map();
 let _filesCapped = false;
+let _overflowFiles = [];
 
 /**
  * File content cache — read each file once, reused across all scanners in a single scan.
@@ -121,6 +122,7 @@ function findFiles(dir, options = {}) {
         return depthA - depthB;
       });
       const capped = result.slice(0, maxFiles);
+      _overflowFiles = result.slice(maxFiles);
       _fileListCache.set(cacheKey, [...capped]);
       _filesCapped = true;
       return capped;
@@ -227,12 +229,17 @@ function clearFileListCache() {
   _fileContentCache.clear();
   clearASTCache();
   _filesCapped = false;
+  _overflowFiles = [];
 }
 
 function wasFilesCapped() {
   return _filesCapped;
 }
 
+function getOverflowFiles() {
+  return _overflowFiles;
+}
+
 /**
  * Escapes HTML characters to prevent XSS
  * @param {string} str - String to escape
@@ -394,6 +401,7 @@ module.exports = {
   findJsFiles,
   clearFileListCache,
   wasFilesCapped,
+  getOverflowFiles,
   escapeHtml,
   getCallName,
   Spinner,